1. Field of the Invention
The present invention relates to an IPsec communication method, a communication control apparatus, and a network camera that perform encoded communication via an IP network.
2. Description of Related Art
In recent years, network cameras that can connect to an IP (Internet Protocol) network have been developed, and systems have been proposed in which image and video data captured by such a network camera can be viewed on a communication terminal apparatus, such as a computer. In this network camera system, the communication terminal apparatus accesses the network camera by using an installed browser and receives the captured image data by using HTTP (HyperText Transfer Protocol).
Related Art 1 describes an example of a network camera that can be used in the above network camera system. In that network camera system, non-interlaced frame image data and field image data are generated from interlaced image data output by the network camera, in order to output high-quality image data that is distributed to a client via the network.
The conventional network camera system has the following shortcomings. Since an unspecified number of users can access the camera, the security of the data can be compromised. In particular, any communication terminal apparatus that is connected to the IP network and has a browser installed can easily access the network camera system. However, depending on the location of the network camera, the distribution destination of the captured image needs to be limited to certain users (e.g., registered users).
As a technology that reinforces the security of captured image distribution from the network camera via the IP network, the IPsec (Security Architecture for IP) communication protocol can be introduced, the protocol performing encoding and authentication of an IP packet. IPsec is a protocol defined in an RFC (Request for Comments) technically specified by the IETF (Internet Engineering Task Force) (see Publication 1). Using IPsec enables authentication to prevent alteration of the data within the IP packet, and encodes the data in the IP packet.
[Related Art 1] Japanese Patent Laid Open Publication 2003-259175
[Publication 1] IETF RFC2401 “Security Architecture for the Internet Protocol”
When performing data communication using IPsec, a data source (i.e., the network camera, when transmitting image data from a network camera to a communication terminal apparatus) needs to have a security policy database (SPD) and a security association database (SAD). The SPD registers information that indicates to which destination the encoded communication is performed (the security policy). The SAD registers data, including a parameter that indicates the encoded contents of the encoded communication, for each security policy in the SPD. When there is a data transmission request from a communication terminal apparatus whose IP address is not registered in the SPD (a terminal that does not have permission from the security policy to communicate), the network camera (data source) can ignore the transmission request from the communication terminal apparatus.
An IP address for the communication terminal apparatus (data destination) can be dynamically assigned by DHCP (Dynamic Host Configuration Protocol). Therefore, the IP address is not always fixed. In such a case, security using IPsec cannot be enforced, since the IP addresses of terminals having permission for the IPsec communication cannot be registered in advance in the SPD and SAD of the network camera.
IPsec communication is still possible by temporarily obtaining an IP address from the communication terminal apparatus and registering it in the SAD and SPD of the camera. However, when the communication terminal apparatus later stops using that IP address, the entry, which will not be used again, can remain in the SPD of the camera, thereby straining the memory space.
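The following added example (not part of the original publication) models the SPD and SAD described above and shows how temporary registration of DHCP-assigned addresses leaves unused entries behind. The class and function names, the addresses (documentation range 192.0.2.0/24), the SPI numbering and the algorithm label are all constructed for illustration.

```python
import os
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass
class SecurityAssociation:
    spi: int          # Security Parameter Index identifying this SA
    algorithm: str    # constructed label for the negotiated cipher
    key: bytes        # constructed random key material

class Camera:
    """Toy data source holding an SPD and an SAD keyed by peer IP address."""
    def __init__(self):
        self.spd = {}             # peer IP -> policy action
        self.sad = {}             # peer IP -> SecurityAssociation
        self._next_spi = 0x1000   # constructed starting SPI

    def register(self, peer):
        """Temporarily register a terminal's current address in SPD and SAD."""
        peer = ip_address(peer)
        self.spd[peer] = "protect"
        self.sad[peer] = SecurityAssociation(self._next_spi, "aes-cbc", os.urandom(16))
        self._next_spi += 1

    def handle_request(self, src):
        """Return the SA protecting the reply, or None if the request is ignored."""
        src = ip_address(src)
        if self.spd.get(src) != "protect":
            return None           # no security policy for this address: ignore
        return self.sad[src]

    def stale_entries(self, live_addresses):
        """SPD entries whose address no permitted terminal currently holds."""
        live = {ip_address(a) for a in live_addresses}
        return sorted(a for a in self.spd if a not in live)

def simulate_dhcp_churn(leases):
    """Register each successive lease of one terminal; return camera and last lease."""
    cam = Camera()
    for addr in leases:
        cam.register(addr)
    return cam, leases[-1]

if __name__ == "__main__":
    # Constructed lease history for a single terminal.
    cam, current = simulate_dhcp_churn(["192.0.2.10", "192.0.2.57", "192.0.2.31"])
    print("unregistered request:", cam.handle_request("192.0.2.99"))
    print("current lease SPI:", hex(cam.handle_request(current).spi))
    print("stale SPD entries:", [str(a) for a in cam.stale_entries([current])])
```

Every lease change adds one SPD entry and one SAD entry, and nothing in this model removes the old ones, so the databases grow with address churn rather than with the number of permitted terminals.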